
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16).
• https://github.com/bitwarden/server/pull/827
• CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Bitwarden server through 1.32.0 has a potentially unwanted KDF.
• https://github.com/bitwarden/jslib/issues/52
• https://github.com/bitwarden/server/issues/589
• CWE-916: Use of Password Hash With Insufficient Computational Effort